 |  |  |  |  |  |  |  |
About:blank trusted start page and freshbar problem...please help
 |
I know i am not the only one who had a problem with their home page always returning to the about:blank trusted start page. I have read other posts on this problem but none seemed to help permanently.
I have downloaded ad-aware, spybot search and destroy, cws shredder, about: buster, and hijack this.
I also hav a problem with the freshbar toolbar in ie explorer which i also want gone.
I just need some help to get rid of these problems and any other nasty things u may happen to notice on my system.
Here is my HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 9:39:47 a.m., on 5/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\Ecmn\Qxvg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\devldr32.exe
C:\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [Gnldnhdv] C:\Program Files\Ecmn\Qxvg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://*.search-soft.net
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.212/counter/new/x.chm::/update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29EE908E-B405-4CAC-923C-4E50D2257DE5}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{29EE908E-B405-4CAC-923C-4E50D2257DE5}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{29EE908E-B405-4CAC-923C-4E50D2257DE5}: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
I have downloaded ad-aware, spybot search and destroy, cws shredder, about: buster, and hijack this.
I also hav a problem with the freshbar toolbar in ie explorer which i also want gone.
I just need some help to get rid of these problems and any other nasty things u may happen to notice on my system.
Here is my HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 9:39:47 a.m., on 5/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\Ecmn\Qxvg.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\devldr32.exe
C:\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [Gnldnhdv] C:\Program Files\Ecmn\Qxvg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://*.search-soft.net
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.212/counter/new/x.chm::/update.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{29EE908E-B405-4CAC-923C-4E50D2257DE5}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS1\Services\Tcpip\..\{29EE908E-B405-4CAC-923C-4E50D2257DE5}: NameServer = 69.50.166.94,69.31.80.244
O17 - HKLM\System\CS2\Services\Tcpip\..\{29EE908E-B405-4CAC-923C-4E50D2257DE5}: NameServer = 69.50.166.94,69.31.80.244
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
The Freshbar takes a bit of work to get rid of (I know because I recently had it).
Scan with HJT and have it fix all the entries that say about:blank, all the O17 entries, and the O15 entry.
Reboot into Safe Mode
Search for, and delete the following, if found:
Unlodctl.exe
Nlsfuncs.exe
Pentxpl.exe
Openconf.exe
Iecust.exeNlsfuncs.exe
Openconf.exe
Iecust.exe
Msij.dll
Msvw.dll
Spnping.dll
Icust.dll
Dnsauth.dll
Qappsrvc32.exe
Taskopen.exe
Dx9vbc.dll
Mwx.dll
Hdon.dll
Dte.dat
Menu.txt
(Most will probably be in your c:\windows\system32 folder)
Go to
Start, Run, and type in regedit
Go to
HKEY_LOCAL_MACHINE, Software, Microsoft, Windows, CurrentVersion, Run.
Click on Run and look in the right-hand pane for taskopen and hdon
Right-click on these two, if found, and delete them -- and nothing else!
Exit regedit
While still in Safe Mode, do a full system scan with your antivirus program and fix anything it finds, or let us know what you can't fix.
Reboot normally.
Do a full system scan with TrendMicro's free online scan (http://housecall.trendmicro.com/hous...start_corp.asp)
Again, fix what it finds or let us know what can't be fixed.
Go to Windows Update and get the Critical Updates for your computer. Hold off on SP2, however, until your system is clean.
Close all browser windows, scan with HJT, and post a new log.
Scan with HJT and have it fix all the entries that say about:blank, all the O17 entries, and the O15 entry.
Reboot into Safe Mode
Search for, and delete the following, if found:
Unlodctl.exe
Nlsfuncs.exe
Pentxpl.exe
Openconf.exe
Iecust.exeNlsfuncs.exe
Openconf.exe
Iecust.exe
Msij.dll
Msvw.dll
Spnping.dll
Icust.dll
Dnsauth.dll
Qappsrvc32.exe
Taskopen.exe
Dx9vbc.dll
Mwx.dll
Hdon.dll
Dte.dat
Menu.txt
(Most will probably be in your c:\windows\system32 folder)
Go to
Start, Run, and type in regedit
Go to
HKEY_LOCAL_MACHINE, Software, Microsoft, Windows, CurrentVersion, Run.
Click on Run and look in the right-hand pane for taskopen and hdon
Right-click on these two, if found, and delete them -- and nothing else!
Exit regedit
While still in Safe Mode, do a full system scan with your antivirus program and fix anything it finds, or let us know what you can't fix.
Reboot normally.
Do a full system scan with TrendMicro's free online scan (http://housecall.trendmicro.com/hous...start_corp.asp)
Again, fix what it finds or let us know what can't be fixed.
Go to Windows Update and get the Critical Updates for your computer. Hold off on SP2, however, until your system is clean.
Close all browser windows, scan with HJT, and post a new log.
Last edited by dlh6213; Jan 6th, 2005 at 6:15 am. Reason: Clarify regedit instructions
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Another suggestion:
Before posting a new HJT log, go here:
http://forums.skads.org/index.php?showtopic=80, look in Post #3 for the remv3.zip file and click on it to download. Put it in it's own permanent folder (like c:\freshbarfix).
Reboot into Safe Mode
Open the folder that you put remv3 into and double-click on remv3.bat, this will start a scan for all files possibly related to freshbar. Do not delete any files found! Some may be legitimate. In the upper left-hand corner, click on File, Save As, and save it in a folder you will be able to find later (probably the same folder you put remv3 in).
Reboot normally, and post the remv3 log along with a new HJT log.
Before posting a new HJT log, go here:
http://forums.skads.org/index.php?showtopic=80, look in Post #3 for the remv3.zip file and click on it to download. Put it in it's own permanent folder (like c:\freshbarfix).
Reboot into Safe Mode
Open the folder that you put remv3 into and double-click on remv3.bat, this will start a scan for all files possibly related to freshbar. Do not delete any files found! Some may be legitimate. In the upper left-hand corner, click on File, Save As, and save it in a folder you will be able to find later (probably the same folder you put remv3 in).
Reboot normally, and post the remv3 log along with a new HJT log.
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
OK, well freshbar is gone, and the about:blank trusted start page was gone after i rebooted but when i started internet explorer for a second time, it had returned.
Here is the new HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 10:41:06 a.m., on 6/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\Ecmn\Qxvg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\hijack this\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [Gnldnhdv] C:\Program Files\Ecmn\Qxvg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.212/counter/new/x.chm::/update.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
Here is the new HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 10:41:06 a.m., on 6/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\Ecmn\Qxvg.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\ICQ\ICQ.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\hijack this\HijackThis.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [Gnldnhdv] C:\Program Files\Ecmn\Qxvg.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {11212111-2121-1311-1141-115611111222} - ms-its:mhtml:file://d: oo.mht!http://69.50.166.212/counter/new/x.chm::/update.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
•
•
Join Date: Feb 2004
Posts: 9,929
Reputation: 
Solved Threads: 710
Can you follow dlh6213's 2nd post and report back with the log please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
|
Similar Threads
- Hijacker about:blank Trusted Start Page (Viruses, Spyware and other Nasties)
- Blank Trusted start Page hijackthis.log attc. (Viruses, Spyware and other Nasties)
- Bloody Blank Trusted start Page (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: about:blank Trusted Start Page problem
- Next Thread: Plz check hjt log
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday